CVE-2014-3300

2014-07-0711:01:30

CWE-264

[email protected]

web.nvd.nist.gov

bvsmweb

cisco

unified communications domain manager

cdm

access control

remote attackers

user information

url

vulnerability

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

86.0%

JSON

The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows remote attackers to modify user information via a crafted URL, aka Bug ID CSCum77041.

Affected configurations

NVD

Node

ciscounified_cdm_application_softwareRange≤8.1.4

ciscounified_cdm_application_softwareMatch8.1

ciscounified_communications_domain_managerMatch-

CPENameOperatorVersion
cisco:unified_cdm_application_softwarecisco unified cdm application softwarele8.1.4
cisco:unified_cdm_application_softwarecisco unified cdm application softwareeq8.1
cisco:unified_communications_domain_managercisco unified communications domain managereq-

CPE	Name	Operator	Version
cisco:unified_cdm_application_software	cisco unified cdm application software	le	8.1.4
cisco:unified_cdm_application_software	cisco unified cdm application software	eq	8.1
cisco:unified_communications_domain_manager	cisco unified communications domain manager	eq	-